Emerging in early 2023, the Howling Scorpius ransomware group is the entity behind the Akira ransomware-as-a-service (RaaS), which has consistently ranked in recent months among the top five most active ransomware groups. Its double extortion strategy significantly amplifies the threat it poses.
Unit 42 researchers have been monitoring the Howling Scorpius ransomware group over the past year. Howling Scorpius targets small to medium-sized businesses in North America, Europe and Australia, across various sectors. Affected industries include education, consulting, government, manufacturing, telecommunications, technology and pharmaceuticals.
Read more…
Source: Palo Alto Unit 42
Related:
- PeckBirdy: A Versatile Script Framework for LOLBins Exploitation Used by China-aligned Threat Groups
January 26, 2026
Since 2023, Trend Micro researchers have been observing threat campaigns employing a previously unseen script-based command-and-control (C&C) framework which we named PeckBirdy, being used against Chinese gambling industries, as well as malicious activities targeting Asian government entities and private organizations. While tracking this framework, Trend Micro identified at least two campaigns using PeckBirdy, which we were ...
- Researchers say Russian government hackers were behind attempted Poland power outage
January 23, 2026
A failed December effort to bring down parts of Poland’s energy grid was the work of Russian government hackers known for causing past energy disruptions, according to a security research firm that investigated the incident. Last week, Polish Energy Minister Milosz Motyka told reporters that the attempted cyberattack on December 29 and 30 saw hackers targeting ...
- North Korean Kimsuky Actors Leverage Malicious QR Codes in Spearphishing Campaigns Targeting U.S. Entities
January 8, 2026
The Federal Bureau of Investigation (FBI) is releasing this FLASH to alert NGOs, think tanks, academia, and other foreign policy experts with a nexus to North Korea of evolving tactics employed by the North Korean state-sponsored cyber threat group Kimsuky and to provide mitigation recommendations. As of 2025, Kimsuky actors have targeted think tanks, academic institutions, ...
- The HoneyMyte APT evolves with a kernel-mode rootkit and a ToneShell backdoor
December 29, 2025
In mid-2025, Kaspersky researchers identified a malicious driver file on computer systems in Asia. The driver file is signed with an old, stolen, or leaked digital certificate and registers as a mini-filter driver on infected machines. Its end-goal is to inject a backdoor Trojan into the system processes and provide protection for malicious files, user-mode ...
- Evasive Panda APT poisons DNS requests to deliver MgBot
December 23, 2025
The Evasive Panda APT group (also known as Bronze Highland, Daggerfly, and StormBamboo) has been active since 2012, targeting multiple industries with sophisticated, evolving tactics. Our latest research (June 2025) reveals that the attackers conducted highly-targeted campaigns, which started in November 2022 and ran until November 2024. The group mainly performed adversary-in-the-middle (AitM) attacks on specific ...
- North Korea-backed hackers launch newly detected cyberattack using HWP object linking and embedding code
December 22, 2025
A North Korea-linked cyber hacking group appears to have launched a new cyberattack campaign, code-named “Artemis,” that embeds malicious code inside computer files, a report showed Monday. The Genians Security Center (GSC), a South Korean cybersecurity institute, said in a report that it detected the operation believed to have been carried out by APT37, a Pyongyang-backed ...